Maxthon browser gathers user data without permission

Security researchers just found out that a Chinese-built browser has been tracking its users and collecting data without their knowledge.

What else is new?

Exatel, together with Fidelis Cybersecurity Network Solutions, found that a web browser developed by Chinese company Maxthon has been collecting sensitive data, including the version of the operating system, screen resolution, the type and speed of the CPU, memory, location of Maxthon executable, whether or not an ad blocking software is installed and running, and the homepage URL.

All of this, the two companies said, could be an indicator of a reconnaissance operation, to know where to strike.

“The information that Maxthon was transmitting contains almost everything needed to conduct a reconnaissance operation to know exactly where to attack,” says Justin Harvey, chief security officer at Fidelis Cybersecurity.

“For example, by knowing the exact operating system and installed applications, as well as browsing habits, it would be relatively trivial to send a perfectly crafted spear phishing attack to the victim, or perhaps set up a watering hole attack on one of their most frequently visited websites.”

The entire website browsing history goes to Maxthon creators’ servers in Beijing, the report says, adding that this includes contents of all the entered Google search queries. The browser also uses symmetric cryptography and static encryption keys, allowing man-in-the-middle attacks.

All questions and requests for comment from the browser’s creators were met with silence.

Maxthon’s browser is the sixth most popular browser in China and – surprisingly enough – in Poland.